The dominator tree is usually computed as part of scheduling (in
{Scheduler::ComputeSchedule}). For tests it was missing, leading to
DCHECK errors in the mid-tier register allocator, which uses the
dominator tree.

R=mslekova@chromium.org

Bug: v8:12330
Change-Id: I02bc8dee3aecb6a1613fa1d07d3aae85cd28de17
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3245114Reviewed-by: Maya Lekova <mslekova@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77543}

For the upcoming host_defined_options fixes we will have to explicitly
pass the host-defined options to Invoke so we will be able to install
it in the script context in the future.

Bug: chromium:1244145
Change-Id: I690cc774d6a17278db4381aba8c3408e979606c1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3222765
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77524}

Extract instructions, and pextrq.

Bug: v8:12207
Change-Id: I919ce53a6bb1357cb70d78b3c7f12fc3d2128deb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3223969
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77504}

Relaxed f32x4 and f64x2 min and max.

These instructions only guarantee results when the inputs are non nans,
and when the inputs are not 0s of opposite signs.

Reuse existing float binop testing harnesses and add special checks for
such constants when relaxed operations are being tested.

Drive-by rename of x64 instruction codes to be Minps/Maxps/Minpd/Maxpd
since they map down exactly to a single instruction.

Bug: v8:12284
Change-Id: I1449dbfa87935a96d7d260db22667ab7b9e86601
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3218196Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77484}

... when the v8_enable_external_code_space build flag is enabled.

Bug: v8:11880
Change-Id: I754c6229dcd25f81ef6dfbedc5885ac025c0aeff
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3164458
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77479}

This is a reland of 929b83fb

This version of the CL also fixes initialization of the
marking_barrier_ in the LocalHeap constructor.

This CL also got rebased on Victor's CL in https://crrev.com/c/3229361.
It added a code_space_allocator_ in LocalHeap which needs to be
initialized a bit later on the main thread as well.

Original change's description:
> [heap] Attach to shared isolate after setting up main thread
>
> Attach to the shared isolate after the main thread was set up. Otherwise
> it could happen that a shared GC initiated from another isolate might
> see no threads are running and performs the safepoint operation in the
> middle of isolate deserialization.
>
> We use DisallowSafepoints to check that the isolate doesn't join a
> global safepoint before deserialization is complete. DisallowSafepoints
> used to prevent only invocations of Safepoint() but was updated to
> also prevent Park() and Unpark() invocations. Each state change could
> cause the thread to reach a safepoint, which would allow a shared GC
> to run.
>
> We now also DCHECK that every isolate has at least one local heap and
> that shared collections aren't started before deserialization is
> complete.
>
> Bug: v8:11708
> Change-Id: Iba3fb59dd951d5ee4fc9934158062287302fc279
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3221157
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Shu-yu Guo <syg@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77424}

Bug: v8:11708
Change-Id: I7d44e4a5f76cc09092c2444cede10e9331222c1d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3229361Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77448}

Bug: v8:12228
Change-Id: I434b07e3d7a2e270dc7dd26950b9dd047eb46a56
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3219944Reviewed-by: Zhi An Ng <zhin@chromium.org>
Commit-Queue: Yolanda Chen <yolanda.chen@intel.com>
Cr-Commit-Position: refs/heads/main@{#77446}

[1] fixes the behavior of StaNamedOwnProperty to no longer do prototype
lookups. This lets us revert [2] and go back to using the fast path in
the clone spread object literal bytecode.

The test case from [2] is kept.

[1] https://chromium-review.googlesource.com/c/v8/v8/+/2795831
[2] https://chromium-review.googlesource.com/c/v8/v8/+/3178969

Bug: v8:9888, chromium:1251366
Change-Id: I9d2cb69b803c403f63365f55d27c4de20ff7dafb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3224666Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77444}

No functionality change expected.

Most scopes are renamed new_scope.

Bug: v8:12244,v8:12245
Change-Id: I85d23b0ba6971f51b9bbfc1f3afeb89fb70f035e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3227268
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77443}

No functionality change expected.

Most scopes are renamed new_scope or new_handle_scope. For some test
cases the outer scope is renamed to outer_scope since there are
multiple inner scopes.

Bug: v8:12244,v8:12245
Change-Id: I85953617e54f2140fa88c593eb7c186b570fdd04
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3227266Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77442}

This reverts commit 929b83fb.

Reason for revert: https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Linux64%20UBSan/18725/overview

Original change's description:
> [heap] Attach to shared isolate after setting up main thread
>
> Attach to the shared isolate after the main thread was set up. Otherwise
> it could happen that a shared GC initiated from another isolate might
> see no threads are running and performs the safepoint operation in the
> middle of isolate deserialization.
>
> We use DisallowSafepoints to check that the isolate doesn't join a
> global safepoint before deserialization is complete. DisallowSafepoints
> used to prevent only invocations of Safepoint() but was updated to
> also prevent Park() and Unpark() invocations. Each state change could
> cause the thread to reach a safepoint, which would allow a shared GC
> to run.
>
> We now also DCHECK that every isolate has at least one local heap and
> that shared collections aren't started before deserialization is
> complete.
>
> Bug: v8:11708
> Change-Id: Iba3fb59dd951d5ee4fc9934158062287302fc279
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3221157
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Shu-yu Guo <syg@chromium.org>
> Reviewed-by: Jakob Gruber <jgruber@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77424}

Bug: v8:11708
Change-Id: I0633150b6b40b297a335a39bf1a087ca93592e04
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3225937Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77425}

Attach to the shared isolate after the main thread was set up. Otherwise
it could happen that a shared GC initiated from another isolate might
see no threads are running and performs the safepoint operation in the
middle of isolate deserialization.

We use DisallowSafepoints to check that the isolate doesn't join a
global safepoint before deserialization is complete. DisallowSafepoints
used to prevent only invocations of Safepoint() but was updated to
also prevent Park() and Unpark() invocations. Each state change could
cause the thread to reach a safepoint, which would allow a shared GC
to run.

We now also DCHECK that every isolate has at least one local heap and
that shared collections aren't started before deserialization is
complete.

Bug: v8:11708
Change-Id: Iba3fb59dd951d5ee4fc9934158062287302fc279
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3221157
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77424}

Avoid repeated collisions when the name doesn't hold much entropy.
This is typically the case with minified sources where 1 or 2 letter
names are used very frequently.

Bug: v8:12316
Change-Id: I20df3a6b0c5daf7975668d25404eca94a1230fe0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3222759Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77416}

4 instructions, i8x16, i16x8, i32x4, i64x2 relaxed lane select. These
instructions only guarantee results when the entire lane is set or
unset, so vpblendvb will give correct results for all of them.

Bug: v8:12284
Change-Id: I76959a23f2d97de8ecc3bef43d138184484e3c4d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3207006Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77401}

Since we introduced `array.init` as a way to create fully initialized
arrays, immutable arrays are no longer useless, and they enable certain
static optimizations, so this patch allows them.

Bug: v8:7748
Change-Id: I404aab60099826f4bd83cf54e5e1acbc38a3ca9b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3221151
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77397}

Tip of tree puts both internalized and in-place-internalizable strings
into the shared heap object cache. But only internalized strings need
to go in there, since we can't have duplicates of those. It's fine to
allocate in-place-internalizable strings in the shared heap each time
a new Isolate is initialized, it'll be deduplicated if it's
internalized eventually.

Bug: chromium:1258918, v8:12007
Change-Id: I0e46b73a5ac3be83d0eaa31915a3a24f47a8c2bd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3219690
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77388}

Mostly the macro lists, the rest will be moved in a follow-up.

Bug: v8:12207
Change-Id: Iedf48e80f94ac99869c8aa31516cf93f9fc23667
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3209665Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77387}

Due to caching issues we will not be able to store host-defined options
directly on the Script anymore. ScriptOrModule can thus no longer be
a i::Script.

NodeJS keeps weak references from ScriptOrModule to their import meta
data. This CL changes ScriptOrModule to be a temporary struct which has
a different lifetime. As a temporary fix until the API is fully updated
we introduce the v8_scriptormodule_legacy_lifetime compile-time flag.
It keeps references to ScriptOrModule alive on the Script to restore the
previous behavior (at an additional memory cost).

Bug: chromium:1244145
Change-Id: I1dc42d25930d7bc4f22ee3c9bba93d89425be406
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3211575
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77382}

This is a reland of 1ea76c13

Disabled the failing test on Fuchsia until its PageAllocator
respects allocation hints.

Original change's description:
> Implement a fake virtual memory cage mechanism
>
> On operating systems where reserving virtual address space is expensive,
> notably Windows pre 8.1, it is not possible to create a proper virtual
> memory cage. In order to still be able to reference caged objects
> through offsets from the cage base on these systems, this CL introduces
> a fake cage mechanism. When the fake cage is used, most of the virtual
> memory for the cage is not actually reserved. Instead, the cage's page
> allocator simply relies on hints to the OS to obtain pages inside the
> cage. This does, however, not provide the same security benefits as a
> real cage as unrelated allocations might end up inside the cage.
>
> Bug: chromium:1218005
> Change-Id: Ie5314be23966ed0042a017917b63595481b5e7e3
> Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3217200
> Commit-Queue: Samuel Groß <saelo@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77367}

Bug: chromium:1218005
Change-Id: I2ed95d121db164679c38085115e8fa92690c057e
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3220151Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77378}

Also skip the test-shared-strings/YoungInternalization cctest, which
doesn't make sense when there is no young generation.

Bug: v8:12007
Change-Id: I3006960181a7da681d7318289a6ade6b0f0bf6da
Cq-Include-Trybots: luci.v8.try:v8_linux64_single_generation_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3218197
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77371}

This reverts commit 1ea76c13.

Reason for revert: The unit test added fails on the Fuchsia bot https://ci.chromium.org/p/v8/builders/ci/V8%20Fuchsia/25976?

Original change's description:
> Implement a fake virtual memory cage mechanism
>
> On operating systems where reserving virtual address space is expensive,
> notably Windows pre 8.1, it is not possible to create a proper virtual
> memory cage. In order to still be able to reference caged objects
> through offsets from the cage base on these systems, this CL introduces
> a fake cage mechanism. When the fake cage is used, most of the virtual
> memory for the cage is not actually reserved. Instead, the cage's page
> allocator simply relies on hints to the OS to obtain pages inside the
> cage. This does, however, not provide the same security benefits as a
> real cage as unrelated allocations might end up inside the cage.
>
> Bug: chromium:1218005
> Change-Id: Ie5314be23966ed0042a017917b63595481b5e7e3
> Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3217200
> Commit-Queue: Samuel Groß <saelo@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Toon Verwaest <verwaest@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77367}

Bug: chromium:1218005
Change-Id: I541bb9656ab2a6a080c2a30d372226fcc5c95391
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3219086
Auto-Submit: Deepti Gandluri <gdeepti@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Deepti Gandluri <gdeepti@chromium.org>
Owners-Override: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77368}

On operating systems where reserving virtual address space is expensive,
notably Windows pre 8.1, it is not possible to create a proper virtual
memory cage. In order to still be able to reference caged objects
through offsets from the cage base on these systems, this CL introduces
a fake cage mechanism. When the fake cage is used, most of the virtual
memory for the cage is not actually reserved. Instead, the cage's page
allocator simply relies on hints to the OS to obtain pages inside the
cage. This does, however, not provide the same security benefits as a
real cage as unrelated allocations might end up inside the cage.

Bug: chromium:1218005
Change-Id: Ie5314be23966ed0042a017917b63595481b5e7e3
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3217200
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77367}

... as a result of merging RelocInfo::target_object() with
RelocInfo::target_object_no_host(PtrComprCageBase),
where the cage base is used for accessing compressed embedded pointers.

There are two reasons for this change:
1) the parameterless version used to compute the cage base value from
   the host Code object, however, when external code space is enabled
   such a base value will not work for non-Code objects, since they
   require different cage base for decompressing,
2) when external code space is enabled, there must be no need to embed
   compressed Code objects at all because CodeDataContainers must be
   used instead.

In addition this CL introduces DCHECKs to enforce (2).

Bug: v8:11880
Change-Id: I5b504f91dea87c2bcaa1165d2dbfaada70cba7be
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3211998Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77361}

This guarantees that if it's context-allocated, it'll be the first
slot in the context. That in turn allows us to drop a special index on
scope-info pointing at the receiver entry; once we update arguments
object handling to take the receiver possibly being there into
account.

Change-Id: Idfd06cf172e6905b02c8d17a962382e2a9ea0874
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3211999
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77360}

Used to be needed for streaming but we don't use it anymore.

Change-Id: I0947155bec38a6b329452e42204f07170a72c155
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3217195
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77339}

.. instead of referring to them through magic chars {s,S,w,W,d,D,n,.,*}.

Change-Id: Ib50937a2a7d4229a021377586a54be3db9ed8c1d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3217196
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77337}

Bug: v8:12298, chromium:1244145
Change-Id: Ic97fea06cd3ede330ad7c67c00bfb567006c3ac4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3211891
Auto-Submit: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77336}

Bug: v8:12284
Change-Id: I3519dfa3302c5851585c7430a9930ccd81507090
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3206502
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77327}

When --shared-string-table is passed, in-place-internalizable strings
are promoted into the shared old space to maintain the invariant that
in-place internalization can be done without copying.

Also some drive-by comment fixes and removal of unnecessary 'explicit'
on multi-parameter constructors.

Bug: v8:12007
Change-Id: I467d865e41934b1d5cdf85cbecc85c4befbfeb21
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3193591
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77326}

Was a clang bug that has since been fixed, https://crbug.com/1163847.

Fixed: v8:11134
Change-Id: Idf2c4bcd8f07024e64e38289793e3af74f43e98c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3212808Reviewed-by: Milad Fa <mfarazma@redhat.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77324}

No functional changes.

- Removed unused Isolate* argument from regexp extrefs.
- Added const where possible.
- Removed unused functions.
- Shuffled declarations for better readability.
- ...

Change-Id: I6d9093052e8de4e33e9411541a691d0bab7b20c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3217193
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Auto-Submit: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77316}

This CL adds a new snapshot to hold objects that are in the shared heap
or may need to be in the shared heap depending on runtime flags.
Currently this is to support --shared-string-table, which puts all
in-place-internalizable strings, internalized strings, and the
string table into the shared heap.

The shared heap snapshot is never deserialized into client Isolates.
This means when V8 is started without a shared Isolate, the shared heap
snapshot is deserialized into all Isolates.

Bug: v8:12007
Change-Id: I7eeab73080cda2e8250a5a49747f25b2440a349d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3173905
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77309}

To prepare for prototyping shared memory features, all internalized and
in-place internalizable (1- and 2-byte seq strings and external strings)
will always be allocated in the shared old space.

Cons strings, thin strings, and sliced strings remain allocated in the
thread-local space. They are copied over to the shared space when
internalized, as internalization implies flattening, which for these
strings requires a copy already.

To make the in-place internalization threadsafe, updating the map of
such strings is now done with a release store.

This CL does not yet support external strings.

Bug: v8:12007
Change-Id: I982c35c5120bf4c0c70c5294ce011b47430414c8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3140784
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77308}

This CL reorders the initialization scheme for shared and client
Isolates such that clients attach to the shared Isolate before
setting up the Heap. This is to support sharing the string table.

Bug: v8:12007
Change-Id: Icb0e40cc5ed84d516c8073a70d0f769f517044c9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3039264
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77307}

R=gdeepti@chromium.org

Bug: v8:12207
Change-Id: I3eafe4b2cf2d37fd4f8a9792fb96bf7b92a4c61b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3208456Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77292}

This patch adds infrastructure for collecting feedback about call_ref
call targets in Liftoff code, and using that feedback for turning
such calls into inlineable direct calls when building Turbofan graphs.
The feature is considered experimental quality and hence off by default,
--wasm-speculative-inlining turns it on.

Bug: v8:7748
Change-Id: I0d0d776f8a71c3dd2c9124d3731f3cb06d4f5821
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3205902
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77287}

Currently, when compiling with V8_VIRTUAL_MEMORY_CAGE enabled, the
behavior of the BoundedPageAllocator changes from simply making freed
pages inaccessible to decommitting them, which guarantees that they will
be zero-initialized after the next allocation. As this seems to cause
some performance regressions on Mac, this CL introduces a new enum that
specifies how the allocator should behave:
kAllocatedPagesMustBeZeroInitialized causes the pages to be decommitted
during FreePages() and ReleasePages() and thus guarantees
zero-initialization during AllocPages().
kAllocatedPagesCanBeUninitialized only causes the pages to be made
inaccessible, and so does not generally guarantee zero-initialization
for AllocPages().

Finally, this CL also removes some dead code in allocation.cc.

Bug: chromium:1257089
Change-Id: I53fa52c8913df869bee2b536efe252780d1ad893
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3208812
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77285}

Certain collators and subject strings may take this new fast
path without calling into the (slow) ICU comparison functions.

This CL can be roughly split into three topics:
1. The fast path check, precomputed and implemented as a whitelist
   on the current locale string.
2. The actual fast path, which checks subject string eligibility
   and performs L1 and L3 collation weight comparisons all in one pass.
3. Resuming from an aborted fast-path into the generic path.

A longer overview is available at
https://docs.google.com/document/d/1oyDwjYn2JyHsx2YnJJKhjX0WMNQXb8ao86-DRzqiYNg/edit?usp=sharing

JetStream2/cdjs scores improve by roughly 40%.

Bug: v8:12196
Change-Id: I5e1bbd731a36c361af9667f9104d6fa15c42e117
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3149463Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77284}

R=gdeepti@chromium.org

Bug: v8:12207
Change-Id: Ic0d408b3c7ecf69e45a794c6c96159df2bee80e4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3180376Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77273}

Liftoff is temporarily disabled on PPC.
After https://crrev.com/c/3202593 the newly skipped tests
are failing with this error:
```
Check failed: tester.native_module()->GetCode(0)->is_liftoff()
```

Change-Id: I681a27930909fd6ac4e5087c2d03608b891a6066
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3208070Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Milad Fa <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#77265}